Not a user yet?
Log in Register for free Suggest a product
Update

Identity scoping is now generally available (GA)*

Defender for IdentityDefender for Identity
Microsoft
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

August 2025
Microsoft Entra ID risk level is now available in near real time in Microsoft Defender for Identity (Preview)
Entra ID risk level is now available on the Identity Inventory assets page, the identity details page, and in the IdentityInfo table in Advanced Hunting, and includes the Entra ID risk score. SOC analysts can use this data to correlate risky users with sensitive or highly privileged users, create custom detections based on current or historical user risk, and improve investigation context.

Previously, Defender for Identity tenants received Entra ID risk level in the IdentityInfo table through user and entity behavior analytics (UEBA). With this update, the Entra ID risk level is now updated in near real time through Microsoft Defender for Identity.

For UEBA tenants without a Microsoft Defender for Identity license, synchronization of Entra ID risk level to the IdentityInfo table remains unchanged.

New security assessment: Remove inactive service accounts (Preview)
Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been inactive (stale) for the past 180 days, to help you mitigate security risks associated with unused accounts.

For more information, see: Security Assessment: Remove Inactive Service Accounts (Preview)

New Graph based API for response actions (preview)
We’re excited to announce a new Graph-based API for initiating and managing remediation actions in Microsoft Defender for Identity.

This capability is currently in preview and available in API Beta version.

For more information, see Managing response actions through Graph API.

Identity scoping is now generally available (GA)
Identity scoping is now generally available across all environments. Organizations can now define and refine the scope of MDI monitoring and gain granular control over which entities and resources are included in security analysis.

For more information, see Configure scoped access for Microsoft Defender for Identity.

New security posture assessment: Remove discoverable passwords in Active Directory account attributes (Preview)
The new security posture assessment highlights unsecured Active Directory attributes that contain passwords or credential clues and recommends steps to remove them, helping reduce the risk of identity compromise.

For more information, see: Security Assessment: Remove discoverable passwords in Active Directory account attributes (Preview)

Microsoft Defender for Identity sensor version updates
Version number Updates

  • 2.247 Includes bug fixes and stability improvements for the Microsoft Defender for Identity sensor.
  • 2.246 Includes bug fixes and stability improvements for the Microsoft Defender for Identity sensor.

Detection update: Suspected Brute Force attack (Kerberos, NTLM)
Improved detection logic to include scenarios where accounts were locked during attacks. As a result, the number of triggered alerts might increase.

Version: August 2025 Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft Defender for Identity updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Banner Logitech